System Description of ExorLive
ExorLive is a Software as a Service (SaaS) solution for planning workouts and for related administrative tasks. The solution consists of a load-balanced web application driven by AJAX and web services, and a separate set of SOAP-enabled web services for external integration.
ExorLive runs on a set of Microsoft Azure servers. Data is stored in an SQL database. The servers are administered by ExorLive's headquarters in Oslo.
Security in ExorLive is enforced by a strict security policy that does not permit entities to be accessed or manipulated across organizations. Within an organization, security is role-based, and users can be given administrative roles on a per-unit/department level. The application is normally accessed over SSL, which protects the information exchanged between the client and the server from eavesdropping. ExorLive stores only a hash of the user's password, and when authenticating through ExorLive's regular interface, HMAC-SHA-1 is used to ensure that message replay cannot be used to wrongfully gain access. All data is encrypted. External services are required to use the SSL-enabled endpoints to ensure transport security, as HMAC-SHA-1 is not enabled on these.
There is no need to store any kind of personal data in ExorLive. If desired, the option to enter personal data can be blocked. If it is appropriate to enter personal information, the organization itself decides on the policy.
The system provides integrity by ensuring that users are not able to insert or edit entities they are not authorized for. Actions are logged. All data is replicated on multiple servers in real time, and backups are stored on Microsoft Azure servers. ExorLive runs and stores data in accordance with Norwegian laws.